Cryptography Flashcards

Flashcards in Cryptography Deck (42)
2
Q
What does IPSec define?
A) All possible security classifications for a specific configuration
B) A framework for setting up a secure communication channel
C) The valid transition states in the Biba model
D) TCSEC security categories
A

A framework for setting up a secure communication channel

IPSec is a security protocol that defines a framework for setting up a secure channel to exchange information between two entities.

3
Q
What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography?
A) One
B) Two
C) Three
D) Four
A

One

Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction.

4
Q
What is the length of the cryptographic key used in the Data Encryption Standard (DES) cryptosystem?
A) 56 bits
B) 128 bits
C) 192 bits
D) 256 bits
A

56 bits

DES uses a 56-bit key. This is considered one of the major weaknesses of this cryptosystem.

5
Q
How many encryption keys are required to fully implement an asymmetric algorithm with 10 participants?
A) 10
B) 20
C) 45
D) 100
A

20

In an asymmetric algorithm, each participant requires two keys: a public key and a private key.

6
Q
What is the major disadvantage of using certificate revocation lists?
A) Key management
B) Latency
C) Record keeping
D) Vulnerability to brute force attacks
A

Latency

Certificate revocation lists (CRLs) introduce an inherent latency into the certificate revocation process because of the time lag between CRL distributions.

7
Q
When correctly implemented, what is the only cryptosystem known to be unbreakable?
A) Transposition cipher
B) Substitution cipher
C) Advanced Encryption Standard
D) One-time pad
A

One-time pad

Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks.

8
Q
Which AES finalist makes use of prewhitening and postwhitening techniques?
A) Rijndael
B) Twofish
C) Blowfish
D) Skipjack
A

Twofish

The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.

9
Q
What kind of attack makes the Caesar cipher virtually unusable?
A) Meet-in-the-middle attack
B) Escrow attack
C) Frequency analysis attack
D) Transposition attack
A

Frequency analysis attack

The Caesar cipher (like other simple substitution ciphers) is vulnerable to frequency analysis attacks, which analyze the rate at which specific letters appear in the ciphertext.

10
Q
What type of cipher relies upon changing the location of characters within a message to achieve confidentiality?
A) Stream cipher
B) Transposition cipher
C) Block cipher
D) Substitution cipher
A

Transposition cipher

Transposition ciphers use a variety of techniques to reorder the characters within a message.

11
Q
Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?
A) Stream cipher
B) Caesar cipher
C) Block cipher
D) ROT3 cipher
A

Block cipher

Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.

12
Q
Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?
A) Richard's public key
B) Richard's private key
C) Sue's public key
D) Sue's private key
A

Richard’s private key

Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.

13
Q
What block size is used by the Advanced Encryption Standard?
A) 32 bits
B) 64 bits
C) 128 bits
D) Variable
A

128 bits

The Advanced Encryption Standard uses a 128-bit block size, despite the fact that the Rijndael algorithm it is based on allows a variable block size.

14
Q
What is the length of a message digest produced by the MD5 algorithm?
A) 64 bits
B) 128 bits
C) 256 bits
D) 384 bits
A

128 bits

The MD5 algorithm produces a 128-bit message digest for any input.

15
Q
Which of the following links would be protected by WPA encryption?
A) Firewall to firewall
B) Router to firewall
C) Client to wireless access point
D) Wireless access point to router
A

Client to wireless access point

The WiFi Protected Access protocol encrypts traffic passing between a mobile client and the wireless access point. It does not provide end-to-end encryption.

16
Q
If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?
A) Richard's public key
B) Richard's private key
C) Sue's public key
D) Sue's private key
A

Sue’s public key

Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.

17
Q
John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?
A) 160 bits
B) 512 bits
C) 1,024 bits
D) 2,048 bits
A

160 bits

The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.

18
Q
What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key?
A) Vernam cipher
B) Running key cipher
C) Skipjack cipher
D) Twofish cipher
A

Running key cipher

Running key (or “book”) ciphers often use a passage from a commonly available book as the encryption key.

19
Q
What encryption technique does WPA use to protect wireless communications?
A) TKIP
B) DES
C) 3DES
D) AES
A

TKIP

WiFi Protected Access (WPA) uses the Temporal Key Integrity Protocol (TKIP) to protect wireless communications. WPA2 uses AES encryption.

20
Q
What is the output value of the mathematical function 16 mod 3?
A) 0
B) 1
C) 3
D) 5
A

1

1 is correct because 16 divided by 3 equals 5, with a remainder value of 1.

21
Q
What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmermann's Pretty Good Privacy secure email system?
A) ROT13
B) IDEA
C) ECC
D) El Gamal
A

IDEA

Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based upon the IDEA private key cryptosystem.

22
Q
Many cryptographic algorithms rely upon the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying upon?
A) It contains diffusion.
B) It contains confusion.
C) It is a one-way function.
D) It complies with Kerckhoff's principle.
A

It is a one-way function.

A one-way function is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.

23
Q
Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?
A) Rainbow tables
B) Hierarchical screening
C) TKIP
D) Random enhancement
A

Rainbow tables

Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password cracking attacks.

24
Q
Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?
A) 160 bits
B) 512 bits
C) 1,024 bits
D) 2,048 bits
A

160 bits

The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.

25
Q
How many keys are required to fully implement a symmetric algorithm with 10 participants?
A) 10
B) 20
C) 45
D) 100
A

45

The number of keys required for a symmetric algorithm is dictated by the formula (n*(n-1))/2, which in this case, where n = 10, is 45.

26
Q
What TCP/IP communications port is utilized by Transport Layer Security traffic?
A) 80
B) 220
C) 443
D) 559
A

443

Transport Layer Security (like its predecessor, Secure Sockets Layer) utilizes TCP port 443 for encrypted client-server communications.

27
Q
How many possible keys exist in a 4-bit key space?
A) 4
B) 8
C) 16
D) 128
A

16

To determine the number of keys in a key space, raise 2 to the power of the number of bits in the key space. In this example, 2^4 = 16.

28
Q
Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend upon every participant being present. What type of technique is he using?
A) Split knowledge
B) M of N Control
C) Work function
D) Zero-knowledge proof
A

M of N Control

M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.

29
Q
John recently received an electronic mail message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?
A) Nonrepudiation
B) Confidentiality
C) Availability
D) Integrity
A

Nonrepudiation

Nonrepudiation prevents the sender of a message from later denying that they sent it.

30
Q
In what type of cipher are the letters of the plain-text message rearranged to form the cipher text?
A) Substitution cipher
B) Block cipher
C) Transposition cipher
D) One-time pad
A

Transposition cipher

Transposition ciphers use an encryption algorithm to rearrange the letters of the plaintext message to form a ciphertext message.

31
Q
Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
A) RSA
B) Diffie-Hellman
C) 3DES
D) IDEA
A

Diffie-Hellman

The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.

32
Q
Which one of the following is not a possible key length for the Advanced Encryption Standard Rijndael cipher?
A) 56 bits
B) 128 bits
C) 192 bits
D) 256 bits
A

56 bits

The Rijndael cipher allows users to select a key length of 128, 192, or 256 bits, depending upon the specific security requirements of the application.

33
Q
Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message?
A) Richard's public key
B) Richard's private key
C) Sue's public key
D) Sue's private key
A

Richard’s private key

Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.

34
Q
In the 1940s, a team of cryptanalysts from the United States successfully broke a Soviet code based upon a one-time pad in a project known as VENONA. What rule did the Soviets break that caused this failure?
A) Key values must be random.
B) Key values must be the same length as the message.
C) Key values must be used only once.
D) Key values must be protected from physical disclosure.
A

Key values must be random.

The cryptanalysts from the United States discovered a pattern in the method the Soviets used to generate their one-time pads. After this pattern was discovered, much of the code was eventually broken.

35
Q
Which one of the following encryption algorithms is now considered insecure?
A) El Gamal
B) RSA
C) Skipjack
D) Merkle-Hellman Knapsack
A

Merkle-Hellman Knapsack

The Merkle-Hellman Knapsack algorithm, which relies upon the difficulty of factoring superincreasing sets, has been broken by cryptanalysts.

36
Q
Which one of the following algorithms is not supported by the Digital Signature Standard?
A) Digital Signature Algorithm
B) RSA
C) El Gamal DSA
D) Elliptic Curve DSA
A

El Gamal DSA

The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

37
Q
In the RSA public key cryptosystem, which one of the following numbers will always be largest?
A) e
B) n
C) p
D) q
A

n

The number n is generated as the product of the two large prime numbers p and q. Therefore, n must always be greater than both p and q. Furthermore, it is an algorithm constraint that e must be chosen such that e is smaller than n. Therefore, in RSA cryptography, n is always the largest of the four variables shown in the options to this question.

38
Q
Which one of the following cannot be achieved by a secret key cryptosystem?
A) Nonrepudiation
B) Confidentiality
C) Availability
D) Key distribution
A

Nonrepudiation

Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message.

39
Q
Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication?
A) Cipher Block Chaining (CBC)
B) Electronic Codebook (ECB)
C) Cipher Feedback (CFB)
D) Output Feedback (OFB)
A

Output Feedback (OFB)

Output Feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Codebook (ECB) operation is not suitable for large amounts of data.

40
Q
Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?
A) X.500
B) X.509
C) X.900
D) X.905
A

X.509

X.509 governs digital certificates and the public key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.

41
Q
What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?
A) Birthday attack
B) Chosen ciphertext attack
C) Meet-in-the-middle attack
D) Man-in-the-middle attack
A

Meet-in-the-middle attack

The meet-in-the-middle attack demonstrated that it takes roughly the same amount of computational power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.

42
Q
If a 2,048-bit plain-text message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?
A) 1,024 bits
B) 2,048 bits
C) 4,096 bits
D) 8,192 bits
A

4,096 bits

The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.

43
Q
Which one of the following technologies is considered flawed and should no longer be used?
A) SHA-2
B) PGP
C) WEP
D) TLS
A

WEP

The WEP algorithm has documented flaws that make it trivial to break. It should never be used to protect wireless networks.